• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.19 no.6
• /
• pp.63-70
• /
• 2009

Many research results show that RSA system mounted using conventional binary exponentiation algorithm is vulnerable to some physical attacks. Recently, Schmidt and Hurbst demonstrated experimentally that an attacker can exploit secret key using faulty signatures which are obtained by skipping the squaring operations. Based on similar assumption of Schmidt and Hurbst's fault attack, we proposed new fault analysis attacks which can be made by skipping the multiplication operations or computations in looping control statement. Furthermore, we applied our attack to Montgomery ladder exponentiation algorithm which was proposed to defeat simple power attack. As a result, our fault attack can extract secret key used in Montgomery ladder exponentiation.

• Journal of Korea Multimedia Society
• /
• v.6 no.4
• /
• pp.610-619
• /
• 2003

This paper presents a concept of cellular automata and a modular exponentiation algorithm and implementation of a basic EIGamal encryption by using cellular automata. Nowadays most of modular exponentiation algorithms are implemented by a linear feedback shift register(LFSR), but its structure has disadvantage which is difficult to implement an operation scheme when the basis is changed frequently The proposed algorithm based on a cellular automata in this paper can overcome this shortcomings, and can be effectively applied to the modular exponentiation algorithm by using the characteristic of the parallelism and flexibility of cellular automata. We also propose a new fast multiplier algorithm using the normal basis representation. A new multiplier algorithm based on normal basis is quite fast than the conventional algorithms using standard basis. This application is also applicable to construct operational structures such as multiplication, exponentiation and inversion algorithm for EIGamal cryptosystem.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.14 no.1
• /
• pp.113-119
• /
• 2004

Exponentiation is widely used in practical applications related with cryptography, and as the discrete log is easily solved in case of a low exponent n, a large exponent n is needed for a more secure system. However. since the time complexity for exponentiation algorithm increases in proportion to the n figure, the development of an exponentiation algorithm that can quickly process the results is becoming a crucial problem. In this paper, we propose a parallel exponentiation algorithm which can reduce the number of rounds with a fixed number of processors, where the field elements are in GF($2^m$), and also analyzed the round bound of the proposed algorithm. The proposed method uses window method which divides the exponent in a particular bit length and make idle processors in window value computation phase to multiply some terms of windows where the values are already computed. By this way. the proposed method has improved round bound.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.24 no.3
• /
• pp.477-489
• /
• 2014

Based on some flaws occurred for implementing a public key cryptosystem in the embedded security device, many side-channel attacks to extract the secret private key have been tried. In spite of the fact that the cryptographic exponentiation is basically composed of a sequence of multiplications and squarings, a new Square Always exponentiation algorithm was recently presented as a countermeasure against side-channel attacks based on trading multiplications for squarings. In this paper, we propose Known Power Collision Analysis and modified Doubling attacks to break the Right-to-Left Square Always exponentiation algorithm which is known resistant to the existing side-channel attacks. And we also present a Collision-based Combined Attack which is a combinational method of fault attack and power collision analysis. Furthermore, we verify that the Square Always algorithm is vulnerable to the proposed side-channel attacks using computer simulation.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.12 no.4
• /
• pp.115-126
• /
• 2002

This paper deals with efficient algorithms for computing a product of n distinct powers in a group(called multi-exponentiation). Four different algorithms are presented and analyzed, each of which has its own range of n for best performance. Using the best performing algorithm for n ranging from 2 to several thousands, one can achieve 2 to 4 times speed-up compared to the baseline binary algorithm and 2 to 10 times speed-up compared to individual exponentiation.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.11 no.5
• /
• pp.63-74
• /
• 2001

Modular exponentiation is an essential operation required for implementations of most public key cryptosystems. This paper presents two architectures for modular exponentiation using the Montgomery modular multiplication algorithm combined with two binary exponentiation methods, L-R(Left to Left) algorithms. The proposed architectures make use of MUXes for efficient pre-computation and post-computation in Montgomery\`s algorithm. For an n-bit modulus, if mulitplication with m carry processing clocks can be done (n+m) clocks, the L-R type design requires (1.5n+5)(n+m) clocks on average for an exponentiation. The R-L type design takes (n+4)(n+m) clocks in the worst case.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.24 no.1
• /
• pp.261-269
• /
• 2014

There are many researches on fast exponentiation algorithm which is used to implement a public key cryptosystem such as RSA. On the other hand, the malicious attacker has tried various side-channel attacks to extract the secret key. In these attacks, an attacker uses the power consumption or electromagnetic radiation of cryptographic devices which is measured during computation of exponentiation algorithm. In this paper, we propose a novel simple power analysis attack on m-ary exponentiation implementation. The core idea of our attack on m-ary exponentiation with pre-computation process is that an attacker controls the input message to identify the power consumption patterns which are related with secret key. Furthermore, we implement the m-ary exponentiation on evaluation board and apply our simple power analysis attack to it. As a result, we verify that the secret key can be revealed in experimental environment.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.10 no.4
• /
• pp.3-11
• /
• 2000

In this paper, we design modular multiplication systolic array and exponentiation processor having n bits message black. This processor uses Montgomery algorithm and LR binary square and multiply algorithm. This processor consists of 3 divisions, which are control unit that controls computation sequence, 5 shift registers that save input and output values, and modular exponentiation unit. To verify the designed exponetion processor, we model and simulate it using VHDL and MAX+PLUS II. Consider a message block length of n=512, the time needed for encrypting or decrypting such a block is 59.5ms. This modular exponentiation unit is used to RSA cryptosystem.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.26 no.2
• /
• pp.335-344
• /
• 2016

It is known that power analysis is one of the most powerful attack in side channel analysis. Among power analysis single trace attack is widely studied recently since it uses one power consumption trace to recover secret key of public cryptosystem. Recently Sim et al. proposed new exponentiation algorithm for RSA cryptosystem with higher attack complexity to prevent single trace attack. In this paper we analyze the vulnerability of exponentiation algorithm described by Sim et al. Sim et al. applied message blinding and random exponentiation splitting method on $2^t-ary$ for higher attack complexity. However we can reveal private key using information exposed during pre-computation generation. Also we describe modified algorithm that provides higher attack complexity on collision attack. Proposed algorithm minimized the reuse of value that are used during exponentiation to provide security under single collision attack.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.25 no.5
• /
• pp.985-991
• /
• 2015

The user's secret key can be retrieved by various side channel leakage informations occurred during the execution of cryptographic RSA exponentiation algorithm which is embedded on a security device. The collision-based power analysis attack known as a serious side channel threat can be accomplished by finding some collision pairs on a RSA power consumption trace. Recently, an RSA exponentiation algorithm was proposed as a countermeasure which is based on the window method adopted combination of message blinding and exponent splitting. In this paper, we show that this countermeasure provides approximately $2^{53}$ attack complexity, much lower than $2^{98}$ insisted in the original article, when the window size is two.